We excel at helping companies that struggle to deploy, manage and use an effective combination of expertise and tools to detect threats, especially targeted advanced threats and insider threats. We improve real-time threat detection and provide better protection than traditional security service providers. MDR services are not delivered by most security service providers because they lack the security expertise or it does not fit their business of IT service management.

With AWN CyberSOC, you work with your Concierge Security Engineer, who tailors the MDR implementation to align with your exact security policies and operational requirements. We relieve you of the burden of figuring out the best method or device to use for security monitoring and response capability.

Cyberstone uses the Open Web Application Security Project (OWASP) Top Ten framework as a guide to all of our web application penetration tests. OWASP is an open community, meaning it receives input from small and large organizations in just about every vertical market. The community’s goal is to help organizations develop and maintain web applications that can be trusted. The current Top Ten vulnerabilities facing web applications are:

Information gathering that will be used for the attack. Potential targets, vulnerabilities, and exploits are identified. Discovered assets are compared against known vulnerability databases to aid in penetration testing efforts.

Attack

Exploitation of targets based on discovered information. We’ll use a combination of manual and automated techniques, scripts, and toolkits to circumvent security controls.

Reporting

Documentation of successful exploits and their corresponding vulnerabilities and assets.

After web application penetration testing is complete, a Cyberstone security engineer will consult with your customer on application security. Consulting will cover how to best secure sensitive data on the web application backend database.

Cyberstone’s web application penetration testing service will help your customers comply with the following regulations:

PCI Requirement 11.3.1

New York State Department of Financial Services 23 NYCRR 500 §500.05(a)(1)

Gramm-Leach-Bliley Act §501(b)

Federal Trade Commission 16 CFR Part 314

Vulnerability Assessment

Vulnerability assessments play a critical role in an organization’s ability to defend against security threats. They also help grade the effectiveness of technical controls already in place.

Not all vulnerabilities should be treated the same. Some will need to be addressed immediately while others may be addressed at a later date. Our reporting will give your customer an actionable roadmap for remediation. While other security companies simply run a tool and provide a 400-page report, we spend time ensuring that the results are concise, actionable, and without noise.

Cyberstone will look for areas of weaknesses such as missing patches, outdated firmware, unnecessary open shares, default passwords, incorrect permissions, and rogue devices. We then provide your customer with a prioritized “fix first” remediation report and step them through what needs to be done to close gaps in their defenses.

Cyberstone’s vulnerability assessment services will help your customers comply with the following regulations.

PCI Requirement 11.2.1 & 11.2.2

New York State DFS 23 NYCRR 500 §500.05(a)(2)

Gramm-Leach-Bliley Act §501(b)

Federal Trade Commission 16 CFR Part 314

Security Assessments

Cyberstone is adamant about doing security the right way. We find that organizations are quick to spend money on firewalls, endpoint protection, and other “common” controls. They then try to wrap policy around their technology purchases. Finally, they reach out to a security provider to grade their work. This has to be reversed.

To best secure your clients, a holistic assessment should come before written policy and expenditures on technical controls.

In our security assessments, we’ll ask your customer what gets them up every morning, what their corporate vision is, and what their 5-year and 10-year plans are. From this basic understanding of their goals and objectives, we’ll be in a suitable position to discuss their unique risks and vulnerabilities.

Security assessments are fitting for organizations where one or more of the following is true:

There was a recent breach and prevention of a future one is critical.

There is a looming audit and stakeholders can’t sleep at night.

Company leadership is concerned about keeping the lights on from a cybersecurity best-practices perspective.

As part of the assessment, Cyberstone will interview key personnel, catalog existing security policies, procedures, and controls, and examine information technology assets. By following the NIST SP800-115 guideline for information security assessments, Cyberstone will effectively uncover organizational and regulatory gaps.

Cyberstone’s reporting will provide your customer with a roadmap for adhering to industry best practices around cybersecurity. After the assessment, your customer will have a better handle on the effectiveness of existing information security investments. They’ll know where their money is being well-spent and where they may need to pivot.

Most of our security assessments uncover severely lacking or outdated written information security policy. After an assessment closeout meeting, we can help your customer in this area as well.

Risk Assessment

Risk assessments are at the heart of every healthy cybersecurity program. They uncover the unique risks facing an organization and tie them to a custom-built risk-reduction roadmap. Risk assessments address what to do to minimize the impact of:

natural disasters

technology failures

ransomware or other malware outbreaks

sudden loss of key employees

myriad other potential events or disasters

Cyberstone’s risk assessments provide a comprehensive evaluation of your customers’ information security risks, a mitigation strategy for the identified risks, and a foundation for the risk management process. The risk assessment service is based on the globally-recognized NIST SP800-30 Guide for Conducting Risk Assessments.

Our security engineers will review the information systems and processes of your customer’s business to determine areas of risk including their likelihood and impact.

The risk assessment service is conducted in a highly-structured manner involving the steps below.

System Characterization

Threat Identification

Vulnerability Identification

Control Analysis

Likelihood Determination

Impact Analysis

Risk Determination

Control Recommendations

Results Documentation

The output of the risk assessment is a document that includes risk statements with scored priorities and recommendations for safeguards where appropriate. This document will serve as a security plan for initiatives in the coming year and beyond.

Cyberstone’s risk assessment service will bring your customers closer to complying with the following regulations.

PCI Requirement 12.2

HIPAA §164.308(a)(1)(ii)(A)

New York State Department of Financial Services 23 NYCRR 500 §500.09

Gramm-Leach-Bliley Act §501(b)

Federal Trade Commission 16 CFR Part 314 §314.4

Policy Development

Information security policies provide organizations with clarity and standardization. They govern how security controls are installed and configured and also tell employees what behaviors are expected and acceptable while interfacing with information systems.

Policies are not static. Over time, corporate objectives may change, company cultures may change, and technology absolutely changes. As such, policy review should be a regular component of all cybersecurity programs.

We help organizations write comprehensive policies to address today’s unique cybersecurity challenges such as bring-your-own-device (BYOD) and the movement of workflows to the cloud.

Cyberstone will:

Research and analyze the organization to determine policy priority and gaps in the organization’s policy library.

The goal of internal/external penetration testing is to answer the question “how easily could a hacker access private data on my systems?”

Cyberstone carries out internal and external penetration testing according to the globally-recognized NIST SP800-115 standard. Phases of penetration testing are listed below.

Establish rules of engagement

Attack surface reconnaissance

Exploitation

Analysis and reporting

Closeout meeting

Whether your customer is aiming to comply with a regulation or simply gain a better understanding of the risk to their private data, our templated services are trusted and non-disruptive.

Cyberstone’s penetration testing services will help your customers comply with the following regulations.

PCI Requirement 11.3.1 & 11.3.2

New York State Department of Financial Services 23 NYCRR 500 §500.05(a)(1)

Gramm-Leach-Bliley Act §501(b)

Federal Trade Commission 16 CFR Part 314 §314.4

Financial Services

With trillions of dollars in assets continually moving across complex infrastructures and around the world, it is no wonder that the financial services industry has long represented the holy grail for today’s most sophisticated cyber-criminals. And while the companies therein have responded by investing in high maturity security systems, these systems are predicated on an approach to cyber defense that has been antiquated by fundamental shifts in the nature of the cyber-attack.

One such shift is the rise of insider threats, which now account for 74% of business cyber security incidents. Because legacy security tools generally look outward to spot potential attacks, they miss these insider threats that imperil today’s financial institutions. Malicious employees have the advantage of familiarity with the networks and information they manipulate, and their credentials allow them to exfiltrate the most sensitive such information without raising red flags. Moreover, even well-intentioned employees present major security risks thanks to the emergence of personalized spear phishing emails, which trick victims into infecting their networks with malware by posing as friends and colleagues.

Another critical development in the cyber threat landscape has been the dramatic increase in the speed of such threats: modern strains of ransomware, for instance, can encrypt a network in under 30 seconds. As a result, even security tools that manage to alert incident responders to potential dangers are no longer sufficient. The reality is that these responders cannot counter machine speed threats on their own, and regardless, they are often flooded with hundreds or thousands of alerts — far too many to investigate before it’s too late.

Darktrace is the next generation of cyber defense, proven capable of identifying and autonomously responding to subtle attacks that bypass all other security tools. Deployed by many of the largest financial institutions in the world, Darktrace’s AI technology gives industry leaders unprecedented visibility into all their digital activity, as well as the unparalleled ability to detect and contain fast-acting threats in seconds. With Darktrace, security teams are afforded the critical time and knowledge they need to protect the world’s financial assets.

The media and entertainment industry faces a fundamental challenge in the Digital Age: monopolizing content and services at a time when information flows more freely than ever before. This challenge is nowhere greater than in the case of cyber-crime, which threatens the intellectual property at the heart of the industry’s business model.

Such intellectual property is essential for media companies in particular, which spend enormous resources to create films and television shows that they must then defend from threat actors across the world. Yet modern consumers expect media that is highly digitized, with content readily available on multiple platforms — an expectation that is difficult to reconcile with the ideal of data security. In an age of advanced cyber-threat, media and entertainment companies must balance availability and exclusivity to avoid damaging leaks that could severely harm their reputations.

For entertainment companies, the imperative of protecting IP is accompanied by the need to defend sensitive customer data and lucrative digital operations. Online poker sites, for instance, house thousands of users’ credit card numbers, while a ransomware attack that shuts down its services can cost millions in lost revenue. Beyond their direct financial ramifications, security breaches can inflict lasting damage to a company’s brand name.

Many of the world’s leading media and entertainment companies have turned to Darktrace to protect against today’s sophisticated threats. Darktrace’s Enterprise Immune System technology enables these organizations to detect and defend against cyber threats in real time, protecting their key assets and foundational intellectual property with AI that learns on the job. Darktrace also provides total network visibility, affording its users an unprecedented awareness of all the routes that a potential threat could take. With Darktrace’s AI, media and entertainment companies can effectively safeguard their valuable intellectual property while remaining dynamic and innovative.

The retail sector was the number one cyber-attack target among all industries in 2017. In just the past few years, industry giants from Target to Neiman Marcus have seen their reputations diminished by massive leaks of personally identifiable information, each of which affected tens of millions of customers. These companies themselves face lasting repercussions beyond just reputational damage: Home Depot’s breach, for instance, will likely cost the company $179 million once all its lawsuits finalize.

There are more than half a trillion cashless transactions every year, while e-commerce sales alone are projected to reach roughly $5 trillion by 2021: a virtual treasure trove for cyber-criminals to plunder. Given the hyper-competitive nature of the retail space, companies are vying with one another to maximize ease-of-purchase, a concern that is difficult to balance with the need for robust cyber security.

The industry is also lucrative prey for online threat actors due to the ease with which they can monetize retailers’ assets, which include mountains of credit card numbers and personal information that can all be rapidly sold on the Dark Web for profit. E-commerce sites also directly transfer virtual funds, while many of the security tools protecting these transfers remain susceptible to innovative malware that such tools aren’t programmed to detect.

If anything can be gleaned from the barrage of attacks bombarding retailers globally, it is that these companies must fundamentally shift their approach to cyber defense. Several leading retailers have already spearheaded this shift, entrusting Darktrace’s cyber AI to protect their network from never-before-seen threats, while relying on Darktrace Antigena to autonomously respond to those threats with machine speed.

Darktrace’s Enterprise Immune System has given us peace of mind that we are well-equipped to defend against today’s sophisticated attacks.

Dane Sanderson, Global Security Director, Trek

Technology & Telecoms

Cyber-attacks targeting technology and telecommunications firms represent the most significant threat to their sensitive customer data and invaluable intellectual property. When successful, such attacks cost these firms dearly, not only in terms of immediate loss of revenue but also in the form of subsequent reputational damage.

Technology firms that provide digital services or house vast quantities of user information are particularly at risk, as demonstrated in the Uber breach that exposed the personal information of more than 25 million users. Regulations around personal data, such as GDPR, increasingly require technology firms to adopt a robust cyber defense strategy that can detect cyber-threats at an early stage.

Cyber-attacks aimed at technology firms with lucrative IP have also become a fact of life in the Information Age. Often perpetrated by nation-state actors with advanced capabilities, these attacks are now remarkably subtle and stealthy, with some of the latest examples beginning to incorporate AI elements. For tech companies that rely on IP to maintain their competitive edge, these subtle and AI-powered threats have rendered static security systems no longer a viable option as a last line of defense.

The world’s most inventive companies are paving the way for a safer and smarter future, but that future is seriously imperiled by the modern cyber-threat, which legacy tools are ill-equipped to counteract. These innovators must therefore be willing to adopt equally innovative cyber security solutions, most obviously for the sake of their reputations and their bottom lines, but not least for their customers around the globe who increasingly entrust them with their livelihoods.

Darktrace’s machine learning and mathematics are extremely powerful in detecting activity that is abnormal.

Mark Hughes, President, BT Security

Transportation

Protecting increasingly interconnected critical infrastructure from new cyber threats is a significant challenge faced by the transportation sector. Damage to critical infrastructure has the potential to cause major knock-on effects for business reputation and customer satisfaction. Striking the balance between functionality and security is of vital importance for transportation companies as they provide critical services.

Cyber-attackers may target transportation companies not only to gain access to customer databases or other confidential data that may be monetized, but also to deliberately disrupt critical services, whether for political or ideological reasons. By interrupting the operational technologies managing transport infrastructures, cyber-threats can irreparably damage company reputations and pose a real threat to passenger safety.

Darktrace works with some of the world’s leading transportation companies, from airport groups to train companies, to provide defense against some of the most difficult and subtle threats within their networks.

The unique ability of Darktrace’s Enterprise Immune System to learn the normal behavior of each user, device and network, enables it to spot deviations from the norm and calculate the probability that those deviations represent genuine problems that require investigation. Darktrace detects threats as they emerge, providing total network visibility and ensuring that critical infrastructure can function reliably and safely, without interruption.

We rely purely on Darktrace to highlight changes in behavior that we need to be aware of.

Wayne Smith, Head of IT and Technology, Birmingham Airport

Legal & HR

Cyber security is today an unavoidable concern for law firms and the legal sector at large, which oversees disproportionately large volumes of sensitive data and which is therefore an attractive target for sophisticated threat actors. From confidential information about mergers and acquisitions to disclosures made under attorney-client privilege, today’s law firms are inundated with data that would be disastrous if leaked, both for the results of individual cases and for these firms’ long-term reputations.

Indeed, this reputational damage diminishes the very trust upon which the legal profession is predicated, jeopardizing client relationships and hindering customer acquisition. Legal organizations lose 5% of their clients following a data breach, while significant or high-profile breaches can even prompt a firm’s eventual collapse, as was the case for Mossack Fonseca in the infamous Panama Papers breach.

In today’s increasingly digital business world, even the most private legal documents are now regularly revised online, transferred over email, and stored in the cloud. This shift creates an urgent need for cyber defenses that can safeguard these files across complex and hybrid infrastructures. Yet most law firms are relatively small, many do not employ large security teams, and few have adequately prepared themselves for the stealthy behavior and machine speed of modern cyber-attacks.

Many law firms across the world — including Magic Circle and Am Law 100 firms — have deployed Darktrace to pre-empt emerging threats before it’s too late. Darktrace’s world-leading cyber AI security has allowed these firms to demonstrate a serious cyber security strategy, one in line with client expectations, and to increase confidence in their defenses against both insider and external threats.

It’s a game changer for us to be able to see threats early or as they are happening. It allows us to take control of a situation.

Mark Vivian, Head of IT Security, Irwin Mitchell

Education

The recent escalation of cyber-attacks targeting the education sector has taught museums and schools across the world a valuable lesson: no organization is immune to threats online.

Indeed, educational institutions house significant quantities of sensitive personal information that can be used to commit identity theft, from colleges that collect families’ financials when determining tuition fees, to test providers that store social security numbers for identification purposes. Yet these organizations generally lack the robust cyber defenses that protect data-rich companies in other sectors, rendering them attractive prey for cyber-criminals.

However, today’s most sophisticated attackers are largely not lone criminals looking to sell personal information on the Dark Web; rather, they are coordinated, often state-sponsored threat actors with even more devastating intentions. In March 2018, the U.S. Justice Department indicted nine nation-state actors who allegedly stole 31 terabytes of documents from more than 140 American colleges on behalf of a foreign government, which later launched another attack on 76 universities in 14 countries. These universities produce many of the world’s most transformative innovations, and this intellectual property must be shielded from both financially and geopolitically motivated attacks.

While such external attacks are increasingly subtle and fast-acting, threats from credentialed users present an even greater challenge for legacy security tools. Unfortunately, insider threat is now a fact of life in education: A 2018 analysis of 850 cyber-attacks on colleges found that disgruntled students and staff accounted for a significant percentage of these incidents. Whether insiders attempt to alter grades or steal intellectual property or sabotage the administration, legacy cyber defenses simply can’t see them.

Darktrace’s cyber AI can see them, providing real-time threat detection and autonomous response to spot and stop these subtle attacks and insider threats at an early stage. Today, Darktrace protects some of the world’s leading universities, museums, and educational foundations, allowing them to stop even never-before-seen attacks in real time.

Government & Defense

Governments and the defense sector face some of the most pernicious cyber-attackers, including state-sponsored ones. The stakes are high and governments are continually confronted with new, unseen threat methodologies that change quickly, move subtly, and are very difficult to detect.

Despite the best perimeter defenses, advanced attackers continue to challenge this sector, while insider threats that evade such perimeter protections are particularly devastating. As the Edward Snowden case proved, insiders render even the world’s most well-defended organizations vulnerable to attack, since legacy tools can rarely detect the malicious behavior of credentialed users. Indeed, non-malicious, legitimate network users also introduce risk, thanks to the increasing prevalence of targeted spear phishing campaigns that seek to trick employees into infecting their networks.

Darktrace works with governments and the defense sector to deliver the best-in-class, most resilient defense against today’s attackers and tomorrow’s threats. It assists governments in achieving oversight and visibility of their myriad networks and users, and it increases their confidence in being able to catch in-progress threats before they do damage.

With our unique heritage in government intelligence – our experts have decades of experience in cyber defense for national security, working in high-risk environments in the US, Canada and the UK – Darktrace is uniquely placed to help protect critical assets and national infrastructures. Darktrace fights back with the same level of sophistication and speed as the adversary, whoever or whatever they are.

In a rapidly evolving threat landscape, the Enterprise Immune System is absolutely critical to detect new types of attacks.

Laura Whitt-Winyard, Director of Information Security, Billtrust

Energy & Utilities

The energy and utility sector has long faced some of the most advanced attackers, from industrial espionage to state-sponsored attacks. As part of national critical infrastructure, the importance of defending these organizations in this new era of threats cannot be underestimated.

It is not just a case of protecting the corporate network either. Industrial Control Systems, such as SCADA, are increasingly being targeted in highly sophisticated attacks that threaten safety and personal security, as well as the long-term future of major infrastructure providers.

As IT and Operational Technology environments continue to converge – and the traditional air gap is undermined – it is critical to attain coverage and monitoring across all networks, so that emerging threats may be detected wherever they are moving.

Darktrace’s ICS capability, with the Industrial Immune System, complements its core Enterprise Immune System technology, making it the only threat detection and investigation tool that addresses both IT and OT environments.

Whether an employee shortcutting security policies, a skilled hacktivist with a grudge to bear, or a stealthy state actor biding time within your network, Darktrace catches the subtle signs of abnormality and identifies threats in their early stages.

Darktrace is the only company that uses mathematical analysis and machine learning to detect potential threats, allowing us to stay ahead of evolving risks.

Mike Somers, IT and Security Manager, Open Energi

Healthcare & Pharma

With the digitization of healthcare records and medical processes, and the premium that is paid on the dark web for medical records, the healthcare industry is increasingly becoming an attractive target for cyber-attackers across the world. Indeed, the healthcare industry faced no less than 142 known security breaches in Q2 of 2018 alone, which represents a significant increase from past quarters.

The healthcare sector has, in particular, experienced a rising number of ransomware attacks, in which cyber-criminals encrypt a network’s data and hold it hostage. These criminals consider such healthcare organizations low-hanging fruit for such attacks, as many lack the high maturity defenses to protect themselves effectively.

For pharmaceutical companies, cyber-attacks threaten the intellectual property at the very heart of their businesses, since their multibillion-dollar research is often guarded only by legacy security tools that become more antiquated each day. As these tools remain fixed in their understanding of what constitutes suspicious behavior, cyber-criminals are circumventing them by perpetually creating more and more innovative attacks.

Darktrace’s Enterprise Immune System offers the industry the means to stay ahead of emerging threats that jeopardize the entire sector. We work with hospitals and healthcare providers to deliver real-time awareness and visibility of all digital interactions, and our solution automatically flags emerging behaviors that require investigation. In addition to the Enterprise Immune System’s real-time alerting, Darktrace Antigena can autonomously contain attacks like ransomware in seconds — before they do irrevocable harm.

It’s a huge help to have a second pair of eyes on our systems at all times.

Manufacturing companies face significant challenges in an age of increasing digitization, where corporate IT networks are coming to share more functions with traditional operational technologies. Protecting IT and OT environments, as well as ensuring that the supply chain is secure, means that manufacturing companies face cyber-threats from multiple angles.

Manufacturers depend on availability and reliability – machinery must be available to operate, and trusted to deliver. An undetected cyber attack could undermine the production process and cause substantial damage to finances and reputation. Insider threat poses a significant problem too – insiders could be well-placed to access critical systems to deliberately disrupt vital services, and inadvertent mistakes could also allow cyber-attackers to access operational technologies by using the corporate network as a through route. Manufacturing executives are increasingly aware of the greater risk of cyber-attack, and are taking steps to improve on existing security practices.

By working with leading manufacturing companies around the world, Darktrace is helping to defend against cyber-attacks and ensure organizations can operate without disruption. Darktrace’s self-learning technology is uniquely capable of learning a ‘pattern of life’ across both corporate IT networks and operational technologies, enabling it to detect anomalous activity in real time. Darktrace also provides total network visibility, aiding the investigative ability of security teams and providing boardroom executives with greater business oversight.

Machine learning can detect things that we can’t predict and define. It’s like finding a needle in an enormous haystack.